On 28 Jan 2007 at 0:06, [EMAIL PROTECTED] wrote: > My question is, if you have a program that breaks with PaX's > SEGMEXEC/PAGEEXEC, then it should break, too, under SSP/ProPolice, > correct?
no, these mechanisms catch bugs/exploits at different stages. e.g., ssp would detect a simple stack buffer overflow at the time the attacked function returned to its caller, PaX would detect it if the attacker supplied return address pointed to non-executable memory. > So if I have a program that breaks with SEGMEXEC/PAGEEXEC and I'm > using a full-on hardened setup with SSP/ProPolice, I could disable > PaX's SEGMEXEC/PAGEEXEC for that program, but it would still break > because then SSP/ProPolice would catch and kill it, correct? also no. in general, PaX catches runtime code generation and execution attempts, ssp catches simple stack buffer overflows. as i explained in the previous mail, quake3 does the former, but (hopefully) not the latter so i think you'll be fine with ssp. take note of http://bugs.gentoo.org/show_bug.cgi?id=135265 however, ssp has code generation bugs with no fixes in sight, although so far we haven't seen them in C code i think. -- [email protected] mailing list
